Moving this blog CI to Snap-CI
This week I've moved the build of this blog to Snap-CI. If you have read it before, you know I used to build on ThoughtWorks Go, but that required maintaining my own infrastructure just to build this blog. In the process of moving to Snap-CI I had to make some small changes, so here are my notes.
Melting the snowflake
All the changes I had to make were due to my previous build system being a snowflake. Three things had to be addressed: the deployment, Pygments and Checklink. All three were pre-configured on the machine; moving to an ephemeral machine, these had to be fixed.
Deployment
All deployment is pretty much ssh based. Since this blog is a static website I just need to copy a tar.gz file to the server, which is authenticated by key exchange. But the question remains: "where can I store the key?" Uploading it to the repository sounds like a bad idea, since anyone with access to the repository could use the key; still, it has to go somewhere. So I decided to encrypt the key and check in the encrypted file. To decrypt it one needs a passphrase, which is configured through an environment variable. Access to the repository doesn't mean access to the server.
After the key decryption was configured, I turned off the host key fingerprint check. At this point I could encrypt a host key file, but it is more tailored for client security and man-in-the-middle attacks, so I disabled it. Here is a snippet of the rake task which deploys the blog archive:
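desc "Send package to deployment server"
task :send_pkg, [:lang] do |t, args|
  # with_pk yields the path of the decrypted private key
  PrivateKey.with_pk do |blogpk|
    # Host key verification is switched off here: known hosts go to /dev/null
    # and unknown host keys are accepted without prompting
    run_or_show "scp -i #{blogpk} -o 'UserKnownHostsFile=/dev/null' -o 'StrictHostKeyChecking=no' " \
      " -v #{MyConfig.archive_dir}/#{MyConfig.package args[:lang]} #{MyConfig.archive_ssh}:tmp/"
  end
end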
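One way the key handling described above could work, together with the same scp call with the host key pinned instead of disabled. This is an added example, not this blog's Rakefile: EncryptedKey, the blob layout, BLOG_KEY_PASSPHRASE, scp_argv, deploy/known_hosts and the sample host are assumptions. A known_hosts file holds only public host keys, so it can be committed unencrypted.

```ruby
require 'openssl'
require 'tempfile'

# Hypothetical helper, not the blog's PrivateKey class. Assumed blob layout:
# 16-byte salt | 12-byte IV | 16-byte GCM tag | ciphertext.
module EncryptedKey
  def self.derive(pass, salt)
    OpenSSL::KDF.pbkdf2_hmac(pass, salt: salt, iterations: 200_000, length: 32, hash: 'sha256')
  end

  # Run once on a trusted machine; the returned blob is what gets committed.
  def self.encrypt(plain, pass)
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    salt = OpenSSL::Random.random_bytes(16)
    c.key = derive(pass, salt)
    iv = c.random_iv
    data = c.update(plain) + c.final
    salt + iv + c.auth_tag + data
  end

  # Decrypts into a 0600 temp file, yields its path, deletes it afterwards.
  # Raises OpenSSL::Cipher::CipherError on a wrong passphrase or altered blob.
  def self.with_pk(blob, pass = ENV.fetch('BLOG_KEY_PASSPHRASE'))
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = derive(pass, blob.byteslice(0, 16))
    d.iv = blob.byteslice(16, 12)
    d.auth_tag = blob.byteslice(28, 16)
    plain = d.update(blob.byteslice(44, blob.bytesize)) + d.final
    Tempfile.create('blogpk') do |f|
      f.write(plain)
      f.flush
      yield f.path
    end
  end
end

# Same scp call as the rake task, as an argv array (no shell quoting), with
# the host key pinned to a committed known_hosts file and checking enforced.
def scp_argv(key_path, known_hosts, src, dest)
  ['scp', '-i', key_path, '-o', "UserKnownHostsFile=#{known_hosts}",
   '-o', 'StrictHostKeyChecking=yes', src, dest]
end

if __FILE__ == $PROGRAM_NAME
  blob = EncryptedKey.encrypt("constructed sample, not a real key\n", 'demo-passphrase')
  EncryptedKey.with_pk(blob, 'demo-passphrase') do |pk|
    puts scp_argv(pk, 'deploy/known_hosts', 'blog.tar.gz', 'deploy@example.org:tmp/').join(' ')
  end
end
```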
Pygments
To highlight code I use Pygments. To make sure it is available I had to install it if necessary; fortunately easy_install has a --user flag which allows a non-root install. To make it available to jekyll I added the install location to PATH.
desc "Check if pygments is installed"
task :pygments_is_installed do
  if Build.snap_ci?
    run_or_show "easy_install --user -s bin/ Pygments"
    ENV['PATH'] = "#{ENV['PATH']}:#{ENV['HOME']}/.local/bin/"
  end
  run_or_show 'pygmentize -V'
end
Checklink
Finally checklink, which is a Perl script. Contrary to Pygments, checklink has dependencies; installing them during the build sounded like too much, so I decided to add the whole thing to the repository, which in turn wasn't so trivial. You have to know a little bit of Perl to not get lost in the process, which in my case was using local::lib and some CPAN shell gymnastics.
The catch was that some modules, like Time::HiRes, are architecture dependent. Enter Vagrant: Snap-CI runs CentOS 6.4, so I compiled the architecture-dependent modules on Vagrant and added them to the repository too.
Rise of the Phoenix build
After these three changes the build is pretty much self-contained. In theory it runs on any Linux/Unix-based system (as long as it has Python, Perl and Ruby installed); all right, not so generic, but good enough IMO. With the few dependencies now set up at build time, it's possible to easily configure and run this blog's build on Snap-CI.